diff --git a/backend/app/dependencies/auth.py b/backend/app/dependencies/auth.py
index 063c18b..08c4f60 100755
--- a/backend/app/dependencies/auth.py
+++ b/backend/app/dependencies/auth.py
@@ -101,9 +101,17 @@ async def get_current_db_user(
             detail="Missing user identifier in token claims",
         )
 
+    # Azure AD v1 access tokens use 'upn'; v2/ID tokens use 'email' or 'preferred_username'
+    email = (
+        user_claims.get("email")
+        or user_claims.get("preferred_username")
+        or user_claims.get("upn")
+        or ""
+    )
+    logger.debug(f"[Auth] Resolved email='{email}' from claims keys: {list(user_claims.keys())}")
     user = await user_repo.get_or_create_from_azure(
         azure_ad_oid=azure_oid,
-        email=user_claims.get("email", user_claims.get("preferred_username", "")),
+        email=email,
         name=user_claims.get("name", "Unknown"),
     )